SoheilKhodayari / TheThing
TheThing: an open-source tool to detect DOM Clobbering vulnerabilities
☆40 Updated last year
Related projects
Alternatives and complementary repositories for TheThing
- DOM Clobbering Wiki, Browser Testing, and Payload Generation ☆43 Updated last week
- Same Origin XSS challenge ☆56 Updated 2 years ago
- Searcher for cross-site leaks (XS-Leaks) ☆81 Updated last year
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js ☆56 Updated 10 months ago
- Awesome MXSS ☆45 Updated last month
- lightyear is a tool to dump files in tedious (blind) conditions using PHP filters ☆59 Updated 2 weeks ago
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript ☆99 Updated last week
- A collection of Server-Side Prototype Pollution gadgets and exploits ☆133 Updated 2 months ago
- Client-Side Prototype Pollution Tools ☆84 Updated 3 years ago
- Proof of Concepts for unsafe deserialization in Ruby ☆14 Updated last month
- Grammar-based HTTP/2 fuzzer with mutation ability ☆42 Updated 2 years ago
- A curated list of argument injection vectors ☆37 Updated 2 months ago
- Utility for creating ZipSlip archives ☆67 Updated last year
- Simple taint analyzer for PHP/WordPress using VKCOM/php-parser ☆18 Updated 2 years ago
- List of Trusted Types bypasses ☆86 Updated 7 months ago
- ☆15 Updated 3 years ago
- Blog about HTTP Request Smuggling, including a demo application. ☆23 Updated 2 years ago
- A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers ☆11 Updated last year
- Encode and Fuzz Custom Protobuf Messages in Burp Suite ☆30 Updated last year
- jws2pubkey tool ☆37 Updated 5 months ago
- Testability Pattern Catalogs for SAST ☆29 Updated 8 months ago
- ☆31 Updated last year
- Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes ☆30 Updated last year
- ☆92 Updated 3 years ago
- Find all libraries on cdn.js that pollute your prototype ☆19 Updated 2 years ago
- Updated version of the ProtoBurp Extension, with enhanced features and capabilities to encode and fuzz custom protobuf messages ☆36 Updated last year
- ☆158 Updated 3 years ago
- Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the Repeater using Python 3 scripts. ☆52 Updated 5 months ago
- ☆65 Updated last month
- XS-Leak Browser Test Suite ☆73 Updated 11 months ago